Information Governance

Information Governance and Security

All organisations within the Partnership must adhere to a secure and robust data and information sharing governance approach (which includes the national opt-out). Clear Information Governance (IG) processes are important for transparency on how data can be used for delivering care and enabling research to help people make informed decisions about their data use.

We are working with national and local leads to develop the IG to ensure they are compliant both now and into the future. This will include:

Understanding legal basis

Determining data flows and data control

Demonstrating accountability

Assuring and adhering to security measures

Data access, analysis and retention Individual rights

Information Sharing Network

We will support local care records programmes in their ambitions to achieve greater consistency and transparency around IG as the programme develops. All data supplied and shared in local care records across the Thames Valley and Surrey area is described and agreed in Information Sharing Protocols between the organisations supplying the information and the organisations that are receiving the information, and is approved by the Caldicott Guardian of each organisation.

Cyber Security

Cyber security of the shared records will be independently assured with national oversight. The Thames Valley and Surrey Care Records Partnership is using the UKSC CAF Cyber Security Framework.

Access to records will be via the local shared records programmes or clinical systems, therefore ensuring local ownership of who can see what data is maintained and local accountability can be audited by each organisation.

Information Governance arrangements will be put in place before any sharing takes place to ensure that data is only shared where legally and ethically appropriate to do so.